ExamGecko
Search Search Login
Home Home / Amazon / DVA-C01

Amazon DVA-C01 Practice Test - Questions Answers, Page 11

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You are writing to a DynamoDB table and receive the following exception:" ProvisionedThroughputExceededException". though according to your Cloudwatch metrics for the table, you are not exceeding your provisioned throughput. What could be an explanation for this?
You are providing AWS consulting services for a company developing a new mobile application that will be leveraging Amazon SNS Mobile Push for push notifications. In order to send direct notification messages to individual devices each device registration identifier or token needs to be registered with SNS; however the developers are not sure of the best way to do this. You advise them to:
A developer runs an application that uses an Amazon API Gateway REST API. The developer needs to implement a solution to proactively monitor the health of both API responses and latencies in case a deployment causes a service disruption despite passing deployment pipeline tests. The solution also must check for endpoint vulnerability and unauthorized changes to APIs. URLs, and website content. Which solution will meet these requirements?
During non-peak hours, a Developer wants to minimize the execution time of a full Amazon DynamoDB table scan without affecting normal workloads. The workloads average half of the strongly consistent read capacity units during non-peak hours. How would the Developer optimize this scan?
Which of the following are correct statements with policy evaluation logic in AWS Identity and Access Management? Choose 2 answers
A company is migrating a web application from on premises to AWS. The company needs to move session storage from the application code to a shared service as part of the migration. The session storage data must be encrypted at rest. Which AWS services meet these requirements? (Choose two.)
A developer has written the following 1AM policy to provide access to an Amazon S3 bucket: Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions'?
An application stores payroll information nightly in DynamoDB for a large number of employees across hundreds of offices. Item attributes consist of individual name, office identifier, and cumulative daily hours. Managers run reports for ranges of names working in their office. One query is. "Return all Items in this office for names starting with A through E". Which table configuration will result in the lowest impact on provisioned throughput for this query?
Games-R-Us is launching a new game app for mobile devices. Users will log into the game using their existing Facebook account and the game will record player data and scoring information directly to a DynamoDB table. What is the most secure approach for signing requests to the DynamoDB API?
A developer is integrating Amazon ElastiCache in an application. The cache will store data from a database. The cached data must populate real-time dashboards. Which caching strategy will meet these requirements?

Question 101

Report
Export
Collapse

A Developer is developing an application that manages financial transactions. To improve security, multi-factor authentication (MFA) will be required as part of the login protocol. What services can the Developer use to meet these requirements?

A.
Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes
A.
Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes
Answers
B.
Amazon Cognito with MFA
B.
Amazon Cognito with MFA
Answers
C.
AWS Directory Service
C.
AWS Directory Service
Answers
D.
AWS IAM with MFA enabled
D.
AWS IAM with MFA enabled
Answers
Suggested answer: B

Explanation:

AWS documentation - Cognito MFA Managing Security

You can add multi-factor authentication (MFA) to a user pool to protect the identity of your users. MFA adds a second authentication method that doesn't rely solely on user name and password. You can choose to use SMS text messages, or time-based one-time (TOTP) passwords as second factors in signing in your users. You can also use adaptive authentication with its risk-based model to predict when you might need another authentication factor. It's part of the user pool advanced security features, which also include protections against compromised credentials.

Question 102

Report
Export
Collapse

A game stores user game data in an Amazon DynamoDB table. Individual users should not have access to other users’ game dat a. How can this be accomplished?

A.
Encrypt the game data with individual user keys.
A.
Encrypt the game data with individual user keys.
Answers
B.
Restrict access to specific items based on certain primary key values.
B.
Restrict access to specific items based on certain primary key values.
Answers
C.
Stage data in SQS queues to inject metadata before accessing DynamoDB.
C.
Stage data in SQS queues to inject metadata before accessing DynamoDB.
Answers
D.
Read records from DynamoDB and discard irrelevant data client-side.
D.
Read records from DynamoDB and discard irrelevant data client-side.
Answers
Suggested answer: B

Question 103

Report
Export
Collapse

A company developed a set of APIs that are being served through the Amazon API Gateway. The API calls need to be authenticated based on OpenID identity providers such as Amazon or Facebook. The APIs should allow access based on a custom authorization model.

Which is the simplest and MOST secure design to use to build an authentication and authorization model for the APIs?

A.
Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.
A.
Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.
Answers
B.
Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web Token to the API to authenticate each API call.
B.
Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web Token to the API to authenticate each API call.
Answers
C.
Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by passing user credentials to the APIs for authentication and authorization.
C.
Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by passing user credentials to the APIs for authentication and authorization.
Answers
D.
Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.
D.
Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.
Answers
Suggested answer: A

Question 104

Report
Export
Collapse

A supplier is writing a new RESTful API for customers to query the status of orders. The customers requested the following API endpoint. http://www.supplierdomain.com/status/customerID Which of the following application designs meet the requirements? (Select two.)

A.
Amazon SQS; Amazon SNS
A.
Amazon SQS; Amazon SNS
Answers
B.
Elastic Load Balancing; Amazon EC2
B.
Elastic Load Balancing; Amazon EC2
Answers
C.
Amazon ElastiCache; Amazon Elacticsearch Service
C.
Amazon ElastiCache; Amazon Elacticsearch Service
Answers
D.
Amazon API Gateway; AWS Lambda
D.
Amazon API Gateway; AWS Lambda
Answers
E.
Amazon S3; Amazon CloudFront
E.
Amazon S3; Amazon CloudFront
Answers
Suggested answer: D, E

Question 105

Report
Export
Collapse

A development team consists of 10 team members. Similar to a home directory for each team member the manager wants to grant access to user-specific folders in an Amazon S3 bucket. For the team member with the username “TeamMemberX”, the snippet of the IAM policy looks like this:

Instead of creating distinct policies for each team member, what approach can be used to make this policy snippet generic for all team members?

A.
Use IAM policy condition
A.
Use IAM policy condition
Answers
B.
Use IAM policy principal
B.
Use IAM policy principal
Answers
C.
Use IAM policy variables
C.
Use IAM policy variables
Answers
D.
Use IAM policy resource
D.
Use IAM policy resource
Answers
Suggested answer: C

Explanation:

> https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html > UseAWS Identity and Access Management (IAM) policy variables as placeholders when you don't knowthe exact value of a resource or condition key when you write the policy.

Question 106

Report
Export
Collapse

A legacy service has an XML-based SOAP interface. The Developer wants to expose the functionality of the service to external clients with the Amazon API Gateway. Which technique will accomplish this?

A.
Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping templates.
A.
Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping templates.
Answers
B.
Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer.
B.
Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer.
Answers
C.
Create a RESTful API with the API Gateway; pass the incoming XML to the SOAP interface through an Application Load Balancer.
C.
Create a RESTful API with the API Gateway; pass the incoming XML to the SOAP interface through an Application Load Balancer.
Answers
D.
Create a RESTful API with the API Gateway; transform the incoming XML into a valid message for the SOAP interface using mapping templates.
D.
Create a RESTful API with the API Gateway; transform the incoming XML into a valid message for the SOAP interface using mapping templates.
Answers
Suggested answer: A

Explanation:

https://blog.codecentric.de/en/2016/12/serverless-soap-legacy-api-integration-java-aws-lambdaaws-api-gateway/

Question 107

Report
Export
Collapse

A company is using AWS CodeBuild to compile a website from source code stored in AWS CodeCommit. A recent change to the source code has resulted in the CodeBuild project being unable to successfully compile the website. How should the Developer identify the cause of the failures?

A.
Modify the buildspec.yml file to include steps to send the output of build commands to Amazon CloudWatch.
A.
Modify the buildspec.yml file to include steps to send the output of build commands to Amazon CloudWatch.
Answers
B.
Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration.
B.
Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration.
Answers
C.
Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history.
C.
Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history.
Answers
D.
Manually re-run the build process on a local machine so that the output can be visualized.
D.
Manually re-run the build process on a local machine so that the output can be visualized.
Answers
Suggested answer: A

Question 108

Report
Export
Collapse

A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to 12 hours. How can the Developer implement encryption at rest for data within the Kinesis Streams?

A.
Enable SSL connections to Kinesis
A.
Enable SSL connections to Kinesis
Answers
B.
Use Amazon Kinesis Consumer Library
B.
Use Amazon Kinesis Consumer Library
Answers
C.
Encrypt the data once it is at rest with a Lambda function
C.
Encrypt the data once it is at rest with a Lambda function
Answers
D.
Enable server-side encryption in Kinesis Streams
D.
Enable server-side encryption in Kinesis Streams
Answers
Suggested answer: D

Explanation:

https://docs.aws.amazon.com/streams/latest/dev/what-is-sse.html

https://aws.amazon.com/about-aws/whats-new/2017/07/amazon-kinesis-streams-introducesserver-side-encryption/

Question 109

Report
Export
Collapse

A Developer wants to use AWS X-Ray to trace a user request end-to-end throughput the software stack. The Developer made the necessary changes in the application tested it, and found that the application is able to send the traces to AWS X-Ray. However, when the application is deployed to an EC2 instance, the traces are not available.

Which of the following could create this situation? (Select two.)

A.
The traces are reaching X-Ray, but the Developer does not have access to view the records.
A.
The traces are reaching X-Ray, but the Developer does not have access to view the records.
Answers
B.
The X-Ray daemon is not installed on the EC2 instance.
B.
The X-Ray daemon is not installed on the EC2 instance.
Answers
C.
The X-Ray endpoint specified in the application configuration is incorrect.
C.
The X-Ray endpoint specified in the application configuration is incorrect.
Answers
D.
The instance role does not have “xray:BatchGetTraces” and “xray:GetTraceGraph” permissions.
D.
The instance role does not have “xray:BatchGetTraces” and “xray:GetTraceGraph” permissions.
Answers
E.
The instance role does not have “xray:PutTraceSegments” and “xray:PutTelemetryRecords” permissions.
E.
The instance role does not have “xray:PutTraceSegments” and “xray:PutTelemetryRecords” permissions.
Answers
Suggested answer: B, E

Question 110

Report
Export
Collapse

A Developer executed a AWS CLI command and received the error shown below:

What action should the Developer perform to make this error human-readable?

A.
Make a call to AWS KMS to decode the message.
A.
Make a call to AWS KMS to decode the message.
Answers
B.
Use the AWS STS decode-authorization-message API to decode the message.
B.
Use the AWS STS decode-authorization-message API to decode the message.
Answers
C.
Use an open source decoding library to decode the message.
C.
Use an open source decoding library to decode the message.
Answers
D.
Use the AWS IAM decode-authorization-message API to decode this message.
D.
Use the AWS IAM decode-authorization-message API to decode this message.
Answers
Suggested answer: B

Explanation:

https://docs.aws.amazon.com/cli/latest/reference/sts/decode-authorization-message.htmlThe message is encoded because the details of the authorization status can constitute privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage ) action.

Total 608 questions
Go to page: of 61
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms